Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Online investment scams: Inside a fake trading platform

published on 2024-03-13 09:17:30 UTC by Harry Freeborough
Content:

Online investment scams are a global, growing, and uniquely pernicious threat. In newly released data, the Federal Trade Commission attributed more than $4.6 billion of US fraud losses in 2023 to investment scams, more than any other fraud category, and a 21% increase in 2022. The FBI’s 2023 Internet Crime Report notes that investment scams were “once again the costliest type of crime tracked by IC3”.

Many investment scams rely on sophisticated fraudulent investment websites that operate a fake trading platform to trick victims into depositing money after being lured in through email, social media posts or fake ads. In January alone, Netcraft detected and blocked almost 13,000 fake investment platform domains across more than 7,000 IPs: the largest number of IPs since we began tracking the platforms independently and 25% more than in December. 

Online investment scams promise very high returns with no risks attached, claiming to deliver once-in-a-lifetime opportunities for investors to make guaranteed returns overnight. Usually claiming to trade in forex, cryptocurrency, or other high-risk assets, the unsuspecting investor needs only to make an initial payment to take advantage. These guarantees are meaningless, the claimed investment is a sham, and the victim’s money is lost. The impacts on victims can be devastating both financially and emotionally

In this blog post, we will take a deep dive into how the cybercriminals behind these scam websites find victims, operate fake trading platforms, deploy social engineering tactics, and eventually trick victims into depositing substantial amounts of money. 

Recruiting users to join a fake investment platform 

Fake investment platforms are advertised through a myriad of channels. Many are spread through social media platforms like Meta or messaging apps like WhatsApp and Telegram. Reports to Netcraft from our community confirm this. 

One frequently observed technique works by inviting the victim to a group chat, whose members contain self-proclaimed “experts” or “financial analysts”. These experts claim to be sharing trading signals and strategies. In reality, they are bots simply following scripted conversations, where various fake users ask questions and other fake users praise the analysts for their investment advice. These chats – like the one shown below – are designed to trick the victim into thinking that this is a legitimate group where users have made money by following the advice. 

Figure 1 A WhatsApp invitation to join an investment group that will “teach you how to earn huge profits in the crypto-currency market” 

Cybercriminals also email users, claiming they can provide consistent, high-yield returns on their investments. 

Figure 2 Fraudster’s opening email advertising a fake investment platform. 

A user replying indicates to the criminal that they have some buy-in and are a potential victim. The criminal will subsequently provide the fake investment platform’s URL – for example:

Figure 3 Follow-up email that reveals the URL for the fake investment platform 

Despite a convincing-sounding domain (excel-nvest.com), the website is fraudulent. Some of the telltale signs are the tiered levels of investment on offer, as well as the unrealistic return on investment (ROI).
 

Figure 4 The fake investment platform excel-nvest[.]com offers tiered accounts and promises unrealistic ROI. 

Another approach involves combining these investment scams with Advance-Fee Fraud, in which the victim is tricked into making upfront payments under false pretenses. In these cases, the criminals operating fake investment platforms often claim that there are ‘invested inheritance funds’ (or similar) that can be claimed, but a fee must be paid beforehand – for example: 

Figure 5 Fraudulent email containing a link to a fake investment platform. 

This email contains the URL of the fake investment platform and a corresponding username/password combination. The details in the email are designed to convince the recipient that they are dealing with a legitimate organization. Once they have logged into the website, they are presented with a dashboard that shows a snapshot of the investor’s profile.   

Hooking victims 

Many of the fake investment platforms Netcraft has detected and blocked feature a professional-looking financial dashboard, like the one shown below, with graphs, charts, and the victim’s current balance and projected returns. Templates for designing these platforms are openly advertised online, often as “high-yield investment programs” (HYIPs). We have seen hundreds of these templates across various sites, including otherwise legitimate website template marketplaces.  

Figure 6  A fake investment platform’s dashboard interface. Taken from a victim’s review.

The dashboards convince victims to think that they are trading real assets, such as forex or cryptocurrency. However, first-hand accounts from scammers involved in this type of fraud reveal that these trades are not backed by real assets. The illusion of real trading is created by combining techniques, all designed to maximize the amount of money victims deposit into these sites: 

  • Initially, the victim may receive modest returns to create the illusion that the platform is genuine and the investment is profit-making. This positive feedback loop can lead victims to deposit increasing amounts of money, thinking that they are building up a huge balance. Assets prices will not reflect real world prices and are instead fiction so that the victim thinks that their trading strategy is working. 
  • Each victim may be assigned an ‘account manager’ who will call or email them with their ‘professional advice.’ This includes ‘trade signals’ and specific trades they claim will provide good returns. 
  • Sites may claim to run fruitful referral schemes, with the referrer receiving a percentage of all deposits. Victims have reported getting family and friends involved in the sites, as they are convinced that they are generating huge returns. It is worth noting that building trust through a personal recommendation is integral to a criminal’s ability to carry out investment scams. 

Regardless of the tactics adopted, once the victim invests heavily and then attempts to withdraw a large amount of funds, the site operator or account manager will present excuses to explain why this is not possible. Eventually, contact will stop altogether, leaving the victim massively out of pocket. 

Disrupting the fake investment platforms 

Netcraft is the world leader in detecting and blocking online fraud, including phishing, brand infringement, malware command and control, cryptocurrency investment scams, and fake investment platforms. We have recently partnered with ASIC, Australia’s financial regulator, as it develops a scam and phishing website takedown capability as part of its Fighting Scams initiative. 

You can report fake investment platforms you encounter (or any other kind of scam website) directly to Netcraft, or by using the Netcraft Browser Extension or App

Netcraft’s cybercrime detection and disruption services operate 24/7 to discover fake investment platforms, fraud, phishing, and other cyber attacks through extensive automation, AI, machine learning, and human insight. Our disruption & takedown service ensures malicious content is blocked and removed quickly and efficiently—typically within hours.  

Article: Online investment scams: Inside a fake trading platform - published 8 months ago.

https://www.netcraft.com/blog/inside-a-fake-trading-platform/   
Published: 2024 03 13 09:17:30
Received: 2024 03 29 17:22:17
Feed: Netcraft
Source: Netcraft
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor